MD5 File Signatures

The MD5 Message Digest Algorithm is an algorithm invented by Professor Ronald L. Rivest of MIT. One of the features is taking a sequence of bytes in a disk file and produce a “digital signature”, or what can be sometimes called a “digest” or “hash”. This algorithm is designed so that the probability of any two files having the same digital signature is practically zero, so if a file is changed even by one byte then the digital signature will also change.

In 2007, CDE Software began implementing MD5 digital signature with files uploaded to our website. This signature is taken as soon as an installer is created by our build machines. During the upload process, the signature will be provided in the on our product download details page.

What does that mean for you?

This helps provide an extra layer of security to help assure that the files on our website came from CDE Software’s build machines and has not been touched or modified by any person or process.

There are times that a download from our website to your computer may fail due to lost connections by your ISP. If the signature does not match, then this is a good indicator that there was a problem with your download and you should download the program again.

How do I verify the MD5 digital signature?.

There are several DOS and Windows based utilities that can be used to verify the MD5 file signature of the installer. One of the easiest applications to use is a free application called digestIT 2004 from Colony West Software. digestIT 2004 comes in 32 bit and 64 bit versions and is compatible with Windows 2000, XP, 2003, Vista and Windows 7. Visit their website at http://tinyurl.com/lseb3eto download digestIT 2004.

After downloading and installing digestIT 2004, do the following:

Download the appropriate CDE product

Select the MD5 Checksum for that product on the product download page, right click and select COPY to place in your clipboard.

Right click in the signature field to enter the MD5 hash and select PASTE

digestIT 2004 will then verify that there is a match in signatures assuring that your download has correctly been transferred and is verified as coming from CDE Software.

Digitally Signed Applications and DLL’s

CDE Software continues to use digital certificates to digitally sign the applications, DLL’s and installers as it has done for several years. This digital signature provides the highest level of assurance in terms of verification that the files are coming directly from CDE Software by a machine that has been authenticated by one of the most recognized certifying agencies.

Installers, applications and DLL’s are digitally “shrink-wrapped” for code and content to protect our end users when software is downloaded from the Internet. The digital signatures authenticate the source as well as the integrity of content.

To verify that the installer or application from CDE is digitally signed, right-click on file and select Properties. Select the tab labeled Digital Signature. CDE Software should be listed as one of the certificates attached to that file. If the tab is missing or CDE is not listed, then the application has not been digitally signed.